Example 1 with NSAdminPermission
use of org.ow2.proactive.permissions.NSAdminPermission in project scheduling by ow2-proactive.
the class NodeSource method acquireNode.
/**
* Acquires the existing node with specific url. The node have to be up and running.
*
* @param nodeUrl the url of the node
* @param provider
*/
public BooleanWrapper acquireNode(String nodeUrl, Client provider) {
if (toShutdown) {
throw new AddingNodesException("[" + name + "] node " + nodeUrl + " adding request discarded because node source is shutting down");
}
// checking that client has a right to change this node source
// if the provider is the administrator of the node source it always has this permission
provider.checkPermission(providerPermission, provider + " is not authorized to add node " + nodeUrl + " to " + name, new RMCoreAllPermission(), new NSAdminPermission());
// lookup for a new Node
int lookUpTimeout = PAResourceManagerProperties.RM_NODELOOKUP_TIMEOUT.getValueAsInt();
Node nodeToAdd = null;
try {
logger.info("Looking up the node " + nodeUrl + " with " + lookUpTimeout + " ms timeout");
nodeToAdd = lookupNode(nodeUrl, lookUpTimeout);
logger.info("The node " + nodeUrl + " has been successfully looked up");
} catch (Exception e) {
logger.warn("Cannot look up the node " + nodeUrl + " within " + lookUpTimeout + " ms due to " + e.getMessage(), e);
throw new AddingNodesException(e);
}
// node should be not null at this point...
if (nodeToAdd == null) {
throw new AddingNodesException("Cannot lookup node for unknown reason : " + nodeUrl);
}
// now checking if this node has been registered before in the node source
if (downNodes.containsKey(nodeUrl)) {
// it was registered but detected as down node,
// so basically the node was restarted.
// adding a new node and removing old one from the down list
logger.debug("Removing existing node from down nodes list");
BooleanWrapper result = rmcore.removeNodeFromCore(nodeUrl);
if (result.getBooleanValue()) {
if (logger.isDebugEnabled())
logger.debug("[" + name + "] successfully removed node " + nodeUrl + " from the core");
// just removing it from down nodes list
removeNode(nodeUrl, provider);
}
} else if (nodes.containsKey(nodeUrl)) {
// adding a node which exists in node source
Node existingNode = nodes.get(nodeUrl);
if (nodeToAdd.equals(existingNode)) {
// don't do anything
if (logger.isDebugEnabled())
logger.debug("An attempt to add the same node twice " + nodeUrl + " - ignoring");
return new BooleanWrapper(false);
} else {
// adding another node with the same url
// replacing the old node by the new one
logger.debug("Removing existing node from the RM without request propagation to the infrastructure manager");
BooleanWrapper result = rmcore.removeNodeFromCore(nodeUrl);
if (result.getBooleanValue()) {
if (logger.isDebugEnabled())
logger.debug("[" + name + "] successfully removed node " + nodeUrl + " from the core");
// removing it from the nodes list but don't propagate
// the request the the infrastructure because the restarted node will be killed
nodes.remove(nodeUrl);
}
}
}
// if any exception occurs in internalAddNode(node) do not add the node to the core
RMDeployingNode deployingNode;
try {
deployingNode = internalAddNode(nodeToAdd);
} catch (RMException e) {
throw new AddingNodesException(e);
}
// we build the rmnode
RMNode rmNode = buildRMNode(nodeToAdd, provider);
if (deployingNode != null) {
// inherit locking status from associated deploying node created before
((AbstractRMNode) rmNode).copyLockStatusFrom(deployingNode);
}
BooleanWrapper nodeAdded = rmcore.registerAvailableNode(rmNode);
rmcore.internalRegisterConfiguringNode(rmNode);
return nodeAdded;
}
Also used :
RMCoreAllPermission(org.ow2.proactive.permissions.RMCoreAllPermission)
NSAdminPermission(org.ow2.proactive.permissions.NSAdminPermission)
BooleanWrapper(org.objectweb.proactive.core.util.wrapper.BooleanWrapper)
RMNode(org.ow2.proactive.resourcemanager.rmnode.RMNode)
AbstractRMNode(org.ow2.proactive.resourcemanager.rmnode.AbstractRMNode)
RMNode(org.ow2.proactive.resourcemanager.rmnode.RMNode)
RMDeployingNode(org.ow2.proactive.resourcemanager.rmnode.RMDeployingNode)
Node(org.objectweb.proactive.core.node.Node)
AbstractRMNode(org.ow2.proactive.resourcemanager.rmnode.AbstractRMNode)
AddingNodesException(org.ow2.proactive.resourcemanager.exception.AddingNodesException)
RMDeployingNode(org.ow2.proactive.resourcemanager.rmnode.RMDeployingNode)
RMException(org.ow2.proactive.resourcemanager.exception.RMException)
AddingNodesException(org.ow2.proactive.resourcemanager.exception.AddingNodesException)
RMException(org.ow2.proactive.resourcemanager.exception.RMException)
AbstractRMNode(org.ow2.proactive.resourcemanager.rmnode.AbstractRMNode)
Example 2 with NSAdminPermission
use of org.ow2.proactive.permissions.NSAdminPermission in project scheduling by ow2-proactive.
the class RMCore method deployNodeSource.
/**
* {@inheritDoc}
*/
@Override
public BooleanWrapper deployNodeSource(String nodeSourceName) {
logger.info("Deploy node source " + nodeSourceName + REQUESTED_BY_STRING + this.caller.getName());
if (!this.deployedNodeSources.containsKey(nodeSourceName)) {
if (this.definedNodeSources.containsKey(nodeSourceName)) {
NodeSource nodeSourceToDeploy = this.definedNodeSources.get(nodeSourceName);
this.caller.checkPermission(nodeSourceToDeploy.getAdminPermission(), this.caller + " is not authorized to deploy " + nodeSourceName, new RMCoreAllPermission(), new NSAdminPermission());
}
NodeSourceDescriptor nodeSourceDescriptor = this.getDefinedNodeSourceDescriptorOrFail(nodeSourceName);
this.updateNodeSourceDescriptorWithStatusAndPersist(nodeSourceDescriptor, NodeSourceStatus.NODES_DEPLOYED);
deployNodeSourceOrFail(nodeSourceName, nodeSourceDescriptor);
} else {
logger.debug(NODE_SOURCE_STRING + nodeSourceName + " is already deployed");
}
return new BooleanWrapper(true);
}
Also used :
NodeSource(org.ow2.proactive.resourcemanager.nodesource.NodeSource)
RMCoreAllPermission(org.ow2.proactive.permissions.RMCoreAllPermission)
NSAdminPermission(org.ow2.proactive.permissions.NSAdminPermission)
BooleanWrapper(org.objectweb.proactive.core.util.wrapper.BooleanWrapper)
NodeSourceDescriptor(org.ow2.proactive.resourcemanager.nodesource.NodeSourceDescriptor)
Example 3 with NSAdminPermission
use of org.ow2.proactive.permissions.NSAdminPermission in project scheduling by ow2-proactive.
the class RMCore method removeNodeSource.
/**
* {@inheritDoc}
*/
public BooleanWrapper removeNodeSource(String nodeSourceName, boolean preempt) {
logger.info("Remove node source " + nodeSourceName + " with preempt=" + preempt + REQUESTED_BY_STRING + this.caller.getName());
NodeSource nodeSourceToRemove;
if (this.definedNodeSources.containsKey(nodeSourceName)) {
nodeSourceToRemove = this.definedNodeSources.get(nodeSourceName);
} else if (this.deployedNodeSources.containsKey(nodeSourceName)) {
nodeSourceToRemove = this.deployedNodeSources.get(nodeSourceName);
} else {
throw new IllegalArgumentException("Unknown node source " + nodeSourceName);
}
this.caller.checkPermission(nodeSourceToRemove.getAdminPermission(), this.caller + " is not authorized to remove " + nodeSourceName, new RMCoreAllPermission(), new NSAdminPermission());
this.shutDownNodeSourceIfDeployed(nodeSourceName, preempt);
this.removeDefinedNodeSource(nodeSourceName, nodeSourceToRemove);
return new BooleanWrapper(true);
}
Also used :
NodeSource(org.ow2.proactive.resourcemanager.nodesource.NodeSource)
RMCoreAllPermission(org.ow2.proactive.permissions.RMCoreAllPermission)
NSAdminPermission(org.ow2.proactive.permissions.NSAdminPermission)
BooleanWrapper(org.objectweb.proactive.core.util.wrapper.BooleanWrapper)
Example 4 with NSAdminPermission
use of org.ow2.proactive.permissions.NSAdminPermission in project scheduling by ow2-proactive.
the class RMCore method checkNodeAdminOrProviderPermission.
/**
* Checks if the client is the node admin or provider.
*
* @param rmnode is a node to be checked
* @param client is a client to be checked
* @return true if the client is an admin or provider, SecurityException otherwise
*/
private boolean checkNodeAdminOrProviderPermission(RMNode rmnode, Client client) {
if (client == localClient) {
return true;
}
NodeSource nodeSource = rmnode.getNodeSource();
String errorMessage = client.getName() + " is not authorized to manage node " + rmnode.getNodeURL() + " from " + rmnode.getNodeSourceName();
// a node provider
try {
// checking if the caller is an administrator
client.checkPermission(nodeSource.getAdminPermission(), errorMessage, new RMCoreAllPermission(), new NSAdminPermission());
} catch (SecurityException ex) {
// the caller is not an administrator, so checking if it is a node source provider
client.checkPermission(nodeSource.getProviderPermission(), errorMessage, new RMCoreAllPermission(), new NSAdminPermission());
}
return true;
}
Also used :
NodeSource(org.ow2.proactive.resourcemanager.nodesource.NodeSource)
RMCoreAllPermission(org.ow2.proactive.permissions.RMCoreAllPermission)
NSAdminPermission(org.ow2.proactive.permissions.NSAdminPermission)
Example 5 with NSAdminPermission
use of org.ow2.proactive.permissions.NSAdminPermission in project scheduling by ow2-proactive.
the class CommonRest method setLogLevelMultiple.
@Override
public boolean setLogLevelMultiple(String sessionId, Map<String, String> loggersConfiguration) throws RestException {
Scheduler scheduler = checkAccess(sessionId);
boolean levelChanged = false;
try {
try {
checkPermission(scheduler.getSubject(), new RMCoreAllPermission(), "Resource Manager administrative rights is required");
} catch (PermissionException e) {
checkPermission(scheduler.getSubject(), new NSAdminPermission(), "Resource Manager administrative rights is required");
}
if (loggersConfiguration != null) {
for (Map.Entry<String, String> entry : loggersConfiguration.entrySet()) {
Logger loggerInstance;
String name = entry.getKey();
String level = entry.getValue();
if (name == null) {
loggerInstance = Logger.getRootLogger();
} else {
loggerInstance = Logger.getLogger(name);
}
if (loggerInstance == null) {
throw new RestException("No logger found with name " + name);
}
Level levelInstance = Level.toLevel(level, Level.INFO);
Level effectiveLevel = loggerInstance.getEffectiveLevel();
if (levelInstance.toInt() != effectiveLevel.toInt()) {
logger.info("Changing logger " + name + " to " + levelInstance.toString());
levelChanged = true;
} else {
logger.debug("Logger " + name + " is already on level " + levelInstance.toString());
}
loggerInstance.setLevel(levelInstance);
}
}
return levelChanged;
} catch (PermissionException e) {
throw new PermissionRestException("Resource Manager administrative rights is required");
} catch (NotConnectedException e) {
throw new NotConnectedRestException(YOU_ARE_NOT_CONNECTED_TO_THE_SCHEDULER_YOU_SHOULD_LOG_ON_FIRST);
}
}
Also used :
PermissionException(org.ow2.proactive.scheduler.common.exception.PermissionException)
NotConnectedException(org.ow2.proactive.scheduler.common.exception.NotConnectedException)
Scheduler(org.ow2.proactive.scheduler.common.Scheduler)
PermissionRestException(org.ow2.proactive_grid_cloud_portal.scheduler.exception.PermissionRestException)
SchedulerRestException(org.ow2.proactive_grid_cloud_portal.scheduler.exception.SchedulerRestException)
RestException(org.ow2.proactive_grid_cloud_portal.scheduler.exception.RestException)
NotConnectedRestException(org.ow2.proactive_grid_cloud_portal.scheduler.exception.NotConnectedRestException)
NotConnectedRestException(org.ow2.proactive_grid_cloud_portal.scheduler.exception.NotConnectedRestException)
Logger(org.apache.log4j.Logger)
PermissionRestException(org.ow2.proactive_grid_cloud_portal.scheduler.exception.PermissionRestException)
Level(org.apache.log4j.Level)
Aggregations
NSAdminPermission (org.ow2.proactive.permissions.NSAdminPermission)7
RMCoreAllPermission (org.ow2.proactive.permissions.RMCoreAllPermission)7
BooleanWrapper (org.objectweb.proactive.core.util.wrapper.BooleanWrapper)5
NodeSource (org.ow2.proactive.resourcemanager.nodesource.NodeSource)5
Logger (org.apache.log4j.Logger)2
Node (org.objectweb.proactive.core.node.Node)2
RMNodeSourceEvent (org.ow2.proactive.resourcemanager.common.event.RMNodeSourceEvent)2
RMDeployingNode (org.ow2.proactive.resourcemanager.rmnode.RMDeployingNode)2
RMNode (org.ow2.proactive.resourcemanager.rmnode.RMNode)2
Scheduler (org.ow2.proactive.scheduler.common.Scheduler)2
NotConnectedException (org.ow2.proactive.scheduler.common.exception.NotConnectedException)2
PermissionException (org.ow2.proactive.scheduler.common.exception.PermissionException)2
NotConnectedRestException (org.ow2.proactive_grid_cloud_portal.scheduler.exception.NotConnectedRestException)2
PermissionRestException (org.ow2.proactive_grid_cloud_portal.scheduler.exception.PermissionRestException)2
ImmutableSet (com.google.common.collect.ImmutableSet)1
Permission (java.security.Permission)1
HashSet (java.util.HashSet)1
Entry (java.util.Map.Entry)1
Set (java.util.Set)1
Level (org.apache.log4j.Level)1
